Matproof × AWS
Amazon Web Services — automated compliance evidence from IAM, CloudTrail, Config, Security Hub.
Matproof's AWS integration continuously pulls configuration and security evidence across your AWS accounts — IAM policies and users, S3 bucket configuration, CloudTrail logs, AWS Config rules, Security Hub findings, GuardDuty alerts, KMS key rotation, RDS encryption, EC2 Security Groups. One AWS Organizations connection covers all member accounts with read-only IAM role access. No agents, no production traffic.
Evidence Matproof collects from AWS
- IAM users, roles, policies, MFA status, access keys
- S3 bucket encryption, public access, versioning, logging
- CloudTrail trail configuration and log destinations
- AWS Config rules and compliance status
- Security Hub findings and CIS benchmark results
- KMS key rotation status and access policies
- RDS encryption at rest and in transit
- VPC and Security Group configurations
- GuardDuty detector status and critical findings
Frameworks supported
SOC 2ISO 27001NIS2DORAGDPRTISAXBSI C5
Typical use cases
- Continuous SOC 2 CC7 evidence (security monitoring, change detection)
- ISO 27001 A.8.9 configuration management + A.8.15 logging evidence
- DORA Art. 9 ICT security measures on cloud infrastructure
- NIS2 Art. 21(2)(e) security in development + maintenance
- GDPR Art. 32 technical measures (encryption, access control)
Setup
- 1Create AWS IAM role in your target account(s) with ReadOnlyAccess + SecurityAudit policies attached
- 2Add Matproof's AWS account as the trusted entity
- 3Paste the Role ARN into Matproof's AWS integration setup
- 4For AWS Organizations: enable at management account, Matproof discovers member accounts automatically
- 5Evidence flows in within ~10 minutes of connection
Questions on the setup? Contact us — our team can pair with yours on the connection.
See Matproof × AWS in action.
30-minute demo — we connect a sandbox to show evidence flowing for your actual AWS setup.